In Stone v. Ritter, et al., 2006 WL 3169168 (Del. Nov. 6, 2006), the Delaware Supreme Court affirmed the Court of Chancery’s dismissal of a derivative action against certain current and former directors of AmSouth Bancorporation (“AmSouth”), a Delaware corporation which paid approximately $50 million dollars in fines and penalties in order to resolve investigations for alleged violations of the federal Bank Secrecy Act and federal anti-money laundering regulations.

The stockholder-plaintiffs chose not to make a presuit demand on AmSouth’s Board of Directors pursuant to Delaware Court of Chancery Rule 23.1. Instead, plaintiffs pled a so-called Caremark claim (derived from In re Caremark Int’l Inc. Deriv. Litig., 698 A.2d 959 (Del. Ch. 1996)), alleging that demand was futile because the board members faced a substantial likelihood of liability arising from their “sustained or systematic failure … to exercise oversight – [i.e.] an utter failure [by directors] to attempt to assure a reasonable information and reporting system exists” regarding compliance with applicable banking laws and regulations.

While recognizing that the compliance system instituted by AmSouth proved inadequate to assure compliance with federal law, the Delaware Court of Chancery held that plaintiffs failed to establish futility of the demand requirement because they failed to adequately plead “facts showing that the board was ever [subjectively] aware that AmSouth’s internal controls were inadequate … and that the board chose to do nothing about problems it allegedly knew existed.” Dismissal for failure to comply with the demand requirement of Rule 23.1 was warranted because plaintiffs failure to plead particularized facts establishing that the director-defendants knew the company’s controls were inadequate meant there was no actionable “bad faith,” and, therefore, the directors, as a matter of law, faced no personal liability for violating their fiduciary duties.

On appeal, the Court of Chancery’s Rule 23.1 dismissal was reviewed de novo. The Delaware Supreme Court’s affirmance was based, in large part, on a report by KPMG Forensic Services (“KPMG”), which was retained by AmSouth following a demand by governmental authorities that AmSouth engage an independent consultant to conduct a comprehensive review of its compliance program. The KPMG report was incorporated by reference into plaintiffs’ complaint. The report noted that AmSouth had an officer who was responsible for Bank Secrecy Act and anti-money laundering matters, for training staff, and for reporting and presenting proposed policy changes to the Board. The officer was assisted by a compliance department with 19 staff members. In addition, the company had a corporate security department, headed by a former United States Secret Service agent “In the absence of red flags, good faith and the context of oversight must be measured by the directors’ actions ‘to assure a reasonable information and reporting system exists’ and not by second-guessing after the occurrence of employee conduct that results in an unintended adverse outcome.” and a suspicious activity oversight committee, which had responsibilities supplementing those of the compliance department. Moreover, the Board’s Audit Committee reviewed these compliance programs on a quarterly basis. Finally, AmSouth’s compliance assurance programs predated AmSouth’s becoming aware that it was the target of any government investigation. In light of all of this, the Delaware Supreme Court held that the directors acted in good faith and there was no utter lack of oversight, even though the company’s compliance safeguards ultimately failed. AmSouth’s Board, having acted in good faith, faced no personal liability; consequently, pre-suit demand could not be excused and dismissal of the complaint affirmed.

The case is noteworthy for the Delaware Supreme Court’s affirmance of the approach taken in Caremark: We hold that Caremark articulates the necessary conditions predicate for director oversight liability: (a) the directors utterly failed to implement any reporting or information system or system of controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention. In either case, imposition of liability requires a showing that the directors knew that they were not discharging their fiduciary obligations. Where directors fail to act in the face of a known duty to act, thereby demonstrating a conscious disregard for their responsibilities, they breach their duty of loyalty by failing to discharge that fiduciary obligation in good faith.

Further, the case demonstrates that long-standing compliance programs that are administered by credible employees and regularly monitored by an active board will likely defeat a Caremark-type claim. In this regard, the Court stated: In the absence of red flags, good faith and the context of oversight must be measured by the directors’ actions “to assure a reasonable information and reporting system exists” and not by second-guessing after the occurrence of employee conduct that results in an unintended adverse outcome.

The Stone decision is also significant for the definitive stance taken by the Delaware Supreme Court on the role of “good faith” in the fiduciary framework of corporate governance. The Court held that the duty of good faith is not an independent fiduciary duty, but rather a component of the duty of loyalty: It is important, in this context, to clarify a doctrinal issue that is critical to understanding fiduciary liability under Caremark as we construe that case. The phraseology used in Caremark and that we employ here—describing the lack of good faith as a “necessary condition to liability”—is deliberate. The purpose of that formulation is to communicate that a failure to act in good faith is not conduct that results, ipso facto, in the direct imposition of fiduciary liability. The failure to act in good faith may result in liability because the requirement to act in good faith “is a subsidiary element[,]” i.e., a condition, “of the fundamental duty of loyalty.” It follows that because a showing of bad faith conduct, in the sense described in Disney and Caremark, is essential to establish director oversight liability, the fiduciary duty violated by that conduct is the duty of loyalty.

This view of a failure to act in good faith results in two additional doctrinal consequences. First, although good faith may be described as colloquially as part of a “triad” of fiduciary duties that includes the duties of care and loyalty, the obligation to act in good faith does not establish an independent fiduciary duty that stands on the same footing as the duties of care and loyalty. Only the latter two duties, where violated, may directly result in liability, whereas a failure to act in good faith may do so, but indirectly. The second doctrinal consequence is that the fiduciary duty of loyalty is not limited to cases involving a financial or other cognizable fiduciary conflict of interest. It also encompasses cases where the fiduciary fails to act in good faith. As the Court of Chancery aptly put it in Guttman [v. Huang, 823 A.2d 492, 506 n. 34 (Del. Ch. 2003)], “[a] director cannot act loyally towards the corporation unless she acts in the good faith belief that her actions are in the corporation’s best interest.”